./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor991579368 <...> Warning: Permanently added '10.128.1.136' (ED25519) to the list of known hosts. execve("./syz-executor991579368", ["./syz-executor991579368"], 0x7ffe1dab2e40 /* 10 vars */) = 0 brk(NULL) = 0x5555567c0000 brk(0x5555567c0e00) = 0x5555567c0e00 arch_prctl(ARCH_SET_FS, 0x5555567c0480) = 0 set_tid_address(0x5555567c0750) = 541 set_robust_list(0x5555567c0760, 24) = 0 rseq(0x5555567c0da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor991579368", 4096) = 27 getrandom("\x73\xe3\xd7\xda\xb5\xaa\x36\x76", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555567c0e00 brk(0x5555567e1e00) = 0x5555567e1e00 brk(0x5555567e2000) = 0x5555567e2000 mprotect(0x7f499a2f3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567c0750) = 542 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 542 attached ) = 3 [pid 541] write(3, "0", 1 [pid 542] set_robust_list(0x5555567c0760, 24 [pid 541] <... write resumed>) = 1 [pid 541] close(3) = 0 [pid 541] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 [pid 542] <... set_robust_list resumed>) = 0 [pid 541] write(3, "0", 1) = 1 [pid 541] close(3) = 0 [pid 541] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 [pid 541] write(3, "7 4 1 3", 7) = 7 [pid 541] close(3) = 0 [pid 541] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 [pid 541] write(3, "1", 1) = 1 [pid 541] close(3) = 0 [pid 541] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 [pid 541] write(3, "1", 1) = 1 [pid 541] close(3) = 0 [pid 541] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 [pid 541] write(3, "0", 1) = 1 [pid 541] close(3) = 0 [pid 541] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 [pid 541] write(3, "542", 3) = 3 [pid 541] close(3) = 0 [pid 541] kill(542, SIGKILL) = 0 [pid 542] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=542, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f499a234c00, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f499a23fd50}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f499a234c00, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f499a23fd50}, NULL, 8) = 0 mkdir("./syzkaller.LS0ewg", 0700) = 0 chmod("./syzkaller.LS0ewg", 0777) = 0 chdir("./syzkaller.LS0ewg") = 0 mkdir("./0", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567c0750) = 543 ./strace-static-x86_64: Process 543 attached [pid 543] set_robust_list(0x5555567c0760, 24) = 0 [pid 543] chdir("./0") = 0 [pid 543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 543] setpgid(0, 0) = 0 [pid 543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 543] write(3, "1000", 4) = 4 [pid 543] close(3) = 0 [pid 543] symlink("/dev/binderfs", "./binderfs") = 0 [pid 543] write(1, "executing program\n", 18executing program ) = 18 [pid 543] futex(0x7f499a2f93ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 543] rt_sigaction(SIGRT_1, {sa_handler=0x7f499a293b90, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f499a23fd50}, NULL, 8) = 0 [pid 543] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f499a20a000 [pid 543] mprotect(0x7f499a20b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f499a22a990, parent_tid=0x7f499a22a990, exit_signal=0, stack=0x7f499a20a000, stack_size=0x20240, tls=0x7f499a22a6c0}./strace-static-x86_64: Process 544 attached => {parent_tid=[544]}, 88) = 544 [pid 544] set_robust_list(0x7f499a22a9a0, 24 [pid 543] rt_sigprocmask(SIG_SETMASK, [], [pid 544] <... set_robust_list resumed>) = 0 [pid 543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 544] rt_sigprocmask(SIG_SETMASK, [], [pid 543] futex(0x7f499a2f93e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 543] <... futex resumed>) = 0 [pid 544] socketpair(AF_TIPC, SOCK_STREAM, 0, [ 276.067377][ T24] audit: type=1400 audit(1724924376.499:66): avc: denied { execmem } for pid=541 comm="syz-executor991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 543] futex(0x7f499a2f93ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... socketpair resumed>[3, 4]) = 0 [pid 544] futex(0x7f499a2f93ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = 0 [pid 543] futex(0x7f499a2f93e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 543] futex(0x7f499a2f93ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... futex resumed>) = 1 [pid 544] sendmsg(3, {msg_name={sa_family=AF_TIPC, sa_data="\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=16, msg_iov=[{iov_base="\xc3\xe9\x72\xbd\x85\xa6\xd8\x41\x36\xd6\xdd\x55\x04\x8d\x35\x93\xa7\x4f\x33\x8c\xe6\x77\x2a\xb9\xa6\xf6\x40\x41\xc2\xf6\xfb\xbe\xcd\xc0\x8e\xbc\xd3\x19\x2b\x6a\x53\x66\x2d\xae\x7c\x8e\x9c\x66\x5e\x80\xa5\xd0\x92\x5f\x72\x8d\xca\xc3\x0c\x29\x79\x39\x92\xe5\x88\x95\x26\x53\xd4\x14\xcb\x8c\xcd\xab\xc3\x87\x67\xfe\xe8\x19\xec\x5a\xf0\xc5\xee\x93\x68\x80\xfe\x85\x49\xb4\xed\x34\x77\x79\xca\xb4\xff\xd4", iov_len=100}, {iov_base="V", iov_len=1}, {iov_base="\x3e\xed\x50\xd0\x12\x57\x19\xa8\x10\xf8\x8e\x3f\x47\x18\x6f\xe4\xda\xe7\x41\x82\xdf\xd1\x09\xa2\x58\x7c\x47\x97\x41\x0c\x9b\x8e\x39\xbd\x3d\x9a\xa1\x44\xd5\x90\x86\x47\xc3\x0c\x8d\xb6\x9b\x5c\x17\x08\x4c\x9b\x1b\xfb\xb8\x68\x07\x37\xc4\xf8\x8a\xbc\xdb\xc7\xd2\x94\xd7\x2a\xb1\xb3\x44\x27\x09\x15\xdf\x9d\xdf\x56\x35\x64\x4c\x35\x1c\x22\xb2\x9d\x94\x8a\xc4\x10\x6b\xce\x71\x07\x57\x0b\xee\xd6\x30\x77"..., iov_len=4096}, {iov_base="\xb7\x68\xeb\x20\x30\x4f\x2f\xdc\x5a\x96\x94\xa4\x86\x78\x40\xd9\x31\x70\xca\x1a\x86\x40\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x00\x20\x00\x00\x00\x00\x64\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x20"..., iov_len=4294966976}], msg_iovlen=4, msg_controllen=0, msg_flags=MSG_PROBE|MSG_MORE}, 0 [pid 543] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 543] futex(0x7f499a2f93ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 543] futex(0x7f499a2f93ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 543] futex(0x7f499a2f93fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f499a1e9000 [pid 543] mprotect(0x7f499a1ea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f499a209990, parent_tid=0x7f499a209990, exit_signal=0, stack=0x7f499a1e9000, stack_size=0x20240, tls=0x7f499a2096c0} => {parent_tid=[545]}, 88) = 545 [pid 543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 543] futex(0x7f499a2f93f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 543] futex(0x7f499a2f93fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 545 attached [pid 545] set_robust_list(0x7f499a2099a0, 24) = 0 [pid 545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 545] sendmmsg(4, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 3, 0) = 3 [pid 545] futex(0x7f499a2f93fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = 0 [pid 543] futex(0x7f499a2f93f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 543] futex(0x7f499a2f93fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 545] <... futex resumed>) = 1 [pid 545] dup2(4, 3) = 3 [pid 545] futex(0x7f499a2f93fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = 0 [pid 543] futex(0x7f499a2f93f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 543] futex(0x7f499a2f93fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 545] <... futex resumed>) = 1 [ 276.089937][ T24] audit: type=1400 audit(1724924376.519:67): avc: denied { create } for pid=543 comm="syz-executor991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 276.109553][ T24] audit: type=1400 audit(1724924376.519:68): avc: denied { write } for pid=543 comm="syz-executor991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [pid 545] setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [-1], 4) = 0 [pid 545] futex(0x7f499a2f93fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] futex(0x7f499a2f93f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 543] <... futex resumed>) = 0 [pid 543] futex(0x7f499a2f93f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 543] futex(0x7f499a2f93fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 545] <... futex resumed>) = 0 [pid 545] sendmmsg(3, [pid 544] <... sendmsg resumed>) = 132000 [pid 544] futex(0x7f499a2f93ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 544] futex(0x7f499a2f93e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 545] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name={sa_family=AF_UNSPEC, sa_data="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=110, msg_iov=[{iov_base="\xce\x96\x68\x93\xff\xb0\x5f\xfa\xc6\x77\x25\xc5\x45\x82\x60\x81\x67\x1e\x1f\x50\xa2\xf8\x8e\x2b\xbe\x53\x5f\xe7\x3b\x6b\x23\x33\xad\x91\xd8\x2d\xd7\xc4\xa8\xaa\x91\x73\x46\x0b\x74\x35\x5e\xf2\x5a\xfb\x06\x27\x3a\x96\x81\xef\x7a\x88\x2a\x6a\x55\xcc\xb3\xd3\xf9\xa4\x1f\xe7\x5f\xbd\xd6\x47\x21\x0d\x3d\xb8\xe2\x4c\x9e\x2b\x12\x1f\x6a\x5f\x0e\x4c\x92\x56\xf2\xc4\x58\xb5\x47\x79\x92\x29\xa7\x16\x03\xdf"..., iov_len=175}, {iov_base="\x47\x84\x97\x81\x37\x17\xf9\xd8\x17\x93\x6b\xd5\x2f\xe6\xe6\xa5\xa7\xce\xe0\x0f\xcf\x60\x63\xfa\x66\x64\xfc\xcc\xa2\x56\xfa\xd9\x0e\xa3\x4e\x3c\x78\xff\x04\x04\x0a\x5d\x2c\x06\x31\x88\x25\x71\x3c\x58\x51\x50\x3e\x15\x3a\x33\x1a\x93\x57\x97\x25\xb8\xaf\xbe\xe3\xa8\x27\x84\x1f\xeb\xbd\xbf\x58\x47\x03\x45\xd7\x1a\xd6\x20\x92\x3c\x72\xcc\xc6\xbd\x4f\xfb\x5f\xf6\xee\x6e\x93\x36\xef\xc0\xaa\x10\x80\xe0", iov_len=100}, {iov_base="\x84\xa1\x3f\x5d\xb4\x65\x21\xd1\xc6\x80\x58\x5a\x41\x73\x96\xfa\x3a\x38\xc1\x03\x61\x94\xdb\x97\x12\x26\xdd\xb9\xa7\x10\xbb\xcf\x04\xec\x5d\xb1\x34\x87\x29\xa4\x8e\x71\xeb\xe5\xb6\x97\x7b\x0d\x5c\x27\xb8\x99\x1a\x02\x56\xaa\x96\xdc\x6f\xe1\x89\x63\x1d\xde\x4e\xf5\xc8\xed\xde\x46\x9d\x61\xa4\xcd\x2a\x16\xbd\x7a\x17\xf1\x04\xaa\xc6\x75\x5c\x38\x99\x37\xc8\xa6\xbc\xcb\x31\x79\x37\x27\xf3\xba\xd8\x54"..., iov_len=65478}, {iov_base="\x01\x00\xf9\x49\x45\xde\x15\xae\x1b\x31\x3e\xaa\x68\x69\xb3\xe2\x60\x02\xc9\xd0\xd6\xc7\xf7\x1e\xa6\x5c\xc6\xe6\x3e\x97\x09\x13\xfd\xf8\x80\x19\x88\x07\x39\x4b\x72\x54\xe5\x4f\x27\x4d\x4a\x18\xaf\x84\xc8\x93\xd9\xf8\x41\x5c\xea\x7a\xd9\xde\xf7\x4b\x81\xeb\xcc\x00\xda\xbe\xa8\x5c\xc6\x64\xb0\x83\xd7\xa5\x8a\x82\x2b\xc7\x20\x23\x60\x70\xc9\xd1\xed\x13\x2a\xdc\x1f\x41\x84\x2a\x94\x04\x14\x3a\x4b\x4d"..., iov_len=135}], msg_iovlen=4, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1]}, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=0}}, {cmsg_len=44, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1, -1, -1, -1, -1, -1, -1]}, {cmsg_len=36, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1, -1, -1, -1, -1]}, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=0}}, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=-1}}, {cmsg_len=24, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1, -1]}, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1]}], msg_controllen=256, msg_flags=0}, msg_len=65888}, {msg_hdr={msg_name={sa_family=AF_UNSPEC, sa_data="\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=110, msg_iov=[{iov_base="\xc4\x85\xae\x54\x63\xe7\x37\x39\x21\xae\xdf\x2b\x7f\x3a\xe0\xa8\xca\x79\x44\x40\x55\xff\xcf\x62\x55\x97\x9e\xd1\x3a\xcb\xb8\x0c\x6c\x24\xae\x23\xd9\xcd\x68\xc2\x9e\x71\x17\x9e\x60\x3b\x5a\x77\x17\x41\x4c\x78\xfd\x06\xb7\xe6\xfb\xa1\x40\xd9\x9f\xb9\x03\x39\xaf\xec\xfc\xf7\x02\x26\xb4\xc3\xcb\x27\x9d\xea\xde\x7e\xa2\xfa\xac\x18\x77\x30\xd9\xc7\x1b\x13\xba\xa3\x78\x5a\x90\x2a\x13\xa2\xa6\xea\xf3\x88"..., iov_len=140}, {iov_base="\x8b\x98\xcc\x26\x69\xd0\xa8\x4b\x16\xb1\x84\x85\xe3\xb8\x02\xe1\xa3\x45\xa2\xf3\xc7\x4c\x6e\x26\x8b\x06\xda\xfc\x8d\x20\x93\x77\xa5\xf6\xf4\xf2\x7f\x66\x69\x4c\x92\xd8\x8c\x41\xc6\xc5\x27\x19\xf4\x11\x1a\x47\x89\x84\x7b\x71\x5f\x48\xd7\xbf\xdc\x03\xb4\x34\x9a\x09\x43\xc9\x63\xdb\x4b\xc0\x33\x3e\xdc", iov_len=75}], msg_iovlen=2, msg_control=[{cmsg_len=16581470653610197040, cmsg_level=SOL_IP, cmsg_type=IP_TOS, cmsg_data=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}], msg_controllen=48, msg_flags=MSG_OOB|MSG_DONTWAIT|MSG_BATCH|MSG_ZEROCOPY|0x8000000}, msg_len=215}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x89\x39\x58\xbb\x76\x3d\x38\x09\x1e\x7e\x24\x2e\x6b\x89\x74\x8e\x3a\xe0\xe5\x26\xdb\x91\x29\x07\xf7\x59\xbc\x2d\xa4\x32\x74\x01\xb4\x4b\xb9\xcb\xd9\x42\x0f\xd5\x76\xee\xac\x9c\x46\xc7\xd3\xa2\x1d\x84\xaa\x3b\xbb\x63\xdb\x44\x54\xd3\x63\xcb\x9d\x87\xa0\xa7\x2e\xc4\x66\x25\x17\x1c\xad\xc7\xbe\x01\xcd\xcf\xc4\xbd\x17\xe0\x9d\x0f\xfe\x8e\x3d\x65\x17\x54\x91\x88\x1c\x81\xa2\xef\x82\x57\xbe\xea\x93\x03"..., iov_len=176}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=0}}, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=0}}, {cmsg_len=24, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1, -1]}, {cmsg_len=40, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1, -1, -1, -1, -1, -1]}, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=0}}, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=0}}], msg_controllen=192, msg_flags=0}, msg_len=176}], 5, 0) = 5 [pid 545] futex(0x7f499a2f93fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = 0 [pid 543] futex(0x7f499a2f93e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] <... futex resumed>) = 0 [pid 543] <... futex resumed>) = 1 [pid 544] bpf(BPF_PROG_LOAD, NULL, 0 [pid 543] futex(0x7f499a2f93ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 544] futex(0x7f499a2f93ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 543] <... futex resumed>) = 0 [pid 544] mkdir(NULL, 000 [pid 543] futex(0x7f499a2f93e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] <... mkdir resumed>) = -1 EFAULT (Bad address) [pid 543] <... futex resumed>) = 0 [pid 544] futex(0x7f499a2f93ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] futex(0x7f499a2f93ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... futex resumed>) = 0 [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] timer_settime(0, 0, NULL, [pid 543] futex(0x7f499a2f93e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] <... timer_settime resumed>NULL) = -1 EINVAL (Invalid argument) [pid 543] <... futex resumed>) = 0 [pid 544] futex(0x7f499a2f93ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] futex(0x7f499a2f93ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... futex resumed>) = 0 [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] futex(0x7f499a2f93e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 543] exit_group(0 [pid 544] <... futex resumed>) = ? [pid 543] <... exit_group resumed>) = ? [pid 544] +++ exited with 0 +++ [pid 545] <... futex resumed>) = ? [pid 545] +++ exited with 0 +++ [pid 543] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=543, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567c17f0 /* 3 entries */, 32768) = 80 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555567c17f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567c0750) = 546 ./strace-static-x86_64: Process 546 attached [pid 546] set_robust_list(0x5555567c0760, 24) = 0 [pid 546] chdir("./1") = 0 [pid 546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 546] setpgid(0, 0) = 0 [pid 546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 546] write(3, "1000", 4) = 4 [pid 546] close(3) = 0 [pid 546] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 546] write(1, "executing program\n", 18) = 18 [pid 546] futex(0x7f499a2f93ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] rt_sigaction(SIGRT_1, {sa_handler=0x7f499a293b90, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f499a23fd50}, NULL, 8) = 0 [pid 546] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f499a20a000 [pid 546] mprotect(0x7f499a20b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 546] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f499a22a990, parent_tid=0x7f499a22a990, exit_signal=0, stack=0x7f499a20a000, stack_size=0x20240, tls=0x7f499a22a6c0}./strace-static-x86_64: Process 547 attached => {parent_tid=[547]}, 88) = 547 [pid 547] set_robust_list(0x7f499a22a9a0, 24) = 0 [pid 547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 547] futex(0x7f499a2f93e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 546] futex(0x7f499a2f93e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] socketpair(AF_TIPC, SOCK_STREAM, 0, [3, 4]) = 0 [pid 546] futex(0x7f499a2f93ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] futex(0x7f499a2f93ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7f499a2f93e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 546] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 546] futex(0x7f499a2f93e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] sendmsg(3, {msg_name={sa_family=AF_TIPC, sa_data="\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=16, msg_iov=[{iov_base="\xc3\xe9\x72\xbd\x85\xa6\xd8\x41\x36\xd6\xdd\x55\x04\x8d\x35\x93\xa7\x4f\x33\x8c\xe6\x77\x2a\xb9\xa6\xf6\x40\x41\xc2\xf6\xfb\xbe\xcd\xc0\x8e\xbc\xd3\x19\x2b\x6a\x53\x66\x2d\xae\x7c\x8e\x9c\x66\x5e\x80\xa5\xd0\x92\x5f\x72\x8d\xca\xc3\x0c\x29\x79\x39\x92\xe5\x88\x95\x26\x53\xd4\x14\xcb\x8c\xcd\xab\xc3\x87\x67\xfe\xe8\x19\xec\x5a\xf0\xc5\xee\x93\x68\x80\xfe\x85\x49\xb4\xed\x34\x77\x79\xca\xb4\xff\xd4", iov_len=100}, {iov_base="V", iov_len=1}, {iov_base="\x3e\xed\x50\xd0\x12\x57\x19\xa8\x10\xf8\x8e\x3f\x47\x18\x6f\xe4\xda\xe7\x41\x82\xdf\xd1\x09\xa2\x58\x7c\x47\x97\x41\x0c\x9b\x8e\x39\xbd\x3d\x9a\xa1\x44\xd5\x90\x86\x47\xc3\x0c\x8d\xb6\x9b\x5c\x17\x08\x4c\x9b\x1b\xfb\xb8\x68\x07\x37\xc4\xf8\x8a\xbc\xdb\xc7\xd2\x94\xd7\x2a\xb1\xb3\x44\x27\x09\x15\xdf\x9d\xdf\x56\x35\x64\x4c\x35\x1c\x22\xb2\x9d\x94\x8a\xc4\x10\x6b\xce\x71\x07\x57\x0b\xee\xd6\x30\x77"..., iov_len=4096}, {iov_base="\xb7\x68\xeb\x20\x30\x4f\x2f\xdc\x5a\x96\x94\xa4\x86\x78\x40\xd9\x31\x70\xca\x1a\x86\x40\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x00\x20\x00\x00\x00\x00\x64\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x20"..., iov_len=4294966976}], msg_iovlen=4, msg_controllen=0, msg_flags=MSG_PROBE|MSG_MORE}, 0 [ 276.150491][ T24] audit: type=1400 audit(1724924376.579:69): avc: denied { setopt } for pid=543 comm="syz-executor991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 276.170066][ T24] audit: type=1400 audit(1724924376.589:70): avc: denied { prog_load } for pid=543 comm="syz-executor991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 546] futex(0x7f499a2f93ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 546] futex(0x7f499a2f93ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 546] futex(0x7f499a2f93ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 546] futex(0x7f499a2f93ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 546] futex(0x7f499a2f93fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f499a1e9000 [pid 546] mprotect(0x7f499a1ea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 546] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f499a209990, parent_tid=0x7f499a209990, exit_signal=0, stack=0x7f499a1e9000, stack_size=0x20240, tls=0x7f499a2096c0} => {parent_tid=[548]}, 88) = 548 ./strace-static-x86_64: Process 548 attached [pid 546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 546] futex(0x7f499a2f93f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7f499a2f93fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] set_robust_list(0x7f499a2099a0, 24) = 0 [pid 548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 548] sendmmsg(4, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 3, 0) = 3 [pid 548] futex(0x7f499a2f93fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 546] <... futex resumed>) = 0 [pid 546] futex(0x7f499a2f93f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7f499a2f93fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] dup2(4, 3) = 3 [pid 548] futex(0x7f499a2f93fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 546] <... futex resumed>) = 0 [pid 548] futex(0x7f499a2f93f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 546] futex(0x7f499a2f93f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7f499a2f93fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 548] setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [-1], 4) = 0 [pid 548] futex(0x7f499a2f93fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 546] <... futex resumed>) = 0 [pid 546] futex(0x7f499a2f93f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7f499a2f93fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] sendmmsg(3, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name={sa_family=AF_UNSPEC, sa_data="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=110, msg_iov=[{iov_base="\xce\x96\x68\x93\xff\xb0\x5f\xfa\xc6\x77\x25\xc5\x45\x82\x60\x81\x67\x1e\x1f\x50\xa2\xf8\x8e\x2b\xbe\x53\x5f\xe7\x3b\x6b\x23\x33\xad\x91\xd8\x2d\xd7\xc4\xa8\xaa\x91\x73\x46\x0b\x74\x35\x5e\xf2\x5a\xfb\x06\x27\x3a\x96\x81\xef\x7a\x88\x2a\x6a\x55\xcc\xb3\xd3\xf9\xa4\x1f\xe7\x5f\xbd\xd6\x47\x21\x0d\x3d\xb8\xe2\x4c\x9e\x2b\x12\x1f\x6a\x5f\x0e\x4c\x92\x56\xf2\xc4\x58\xb5\x47\x79\x92\x29\xa7\x16\x03\xdf"..., iov_len=175}, {iov_base="\x47\x84\x97\x81\x37\x17\xf9\xd8\x17\x93\x6b\xd5\x2f\xe6\xe6\xa5\xa7\xce\xe0\x0f\xcf\x60\x63\xfa\x66\x64\xfc\xcc\xa2\x56\xfa\xd9\x0e\xa3\x4e\x3c\x78\xff\x04\x04\x0a\x5d\x2c\x06\x31\x88\x25\x71\x3c\x58\x51\x50\x3e\x15\x3a\x33\x1a\x93\x57\x97\x25\xb8\xaf\xbe\xe3\xa8\x27\x84\x1f\xeb\xbd\xbf\x58\x47\x03\x45\xd7\x1a\xd6\x20\x92\x3c\x72\xcc\xc6\xbd\x4f\xfb\x5f\xf6\xee\x6e\x93\x36\xef\xc0\xaa\x10\x80\xe0", iov_len=100}, {iov_base="\x84\xa1\x3f\x5d\xb4\x65\x21\xd1\xc6\x80\x58\x5a\x41\x73\x96\xfa\x3a\x38\xc1\x03\x61\x94\xdb\x97\x12\x26\xdd\xb9\xa7\x10\xbb\xcf\x04\xec\x5d\xb1\x34\x87\x29\xa4\x8e\x71\xeb\xe5\xb6\x97\x7b\x0d\x5c\x27\xb8\x99\x1a\x02\x56\xaa\x96\xdc\x6f\xe1\x89\x63\x1d\xde\x4e\xf5\xc8\xed\xde\x46\x9d\x61\xa4\xcd\x2a\x16\xbd\x7a\x17\xf1\x04\xaa\xc6\x75\x5c\x38\x99\x37\xc8\xa6\xbc\xcb\x31\x79\x37\x27\xf3\xba\xd8\x54"..., iov_len=65478}, {iov_base="\x01\x00\xf9\x49\x45\xde\x15\xae\x1b\x31\x3e\xaa\x68\x69\xb3\xe2\x60\x02\xc9\xd0\xd6\xc7\xf7\x1e\xa6\x5c\xc6\xe6\x3e\x97\x09\x13\xfd\xf8\x80\x19\x88\x07\x39\x4b\x72\x54\xe5\x4f\x27\x4d\x4a\x18\xaf\x84\xc8\x93\xd9\xf8\x41\x5c\xea\x7a\xd9\xde\xf7\x4b\x81\xeb\xcc\x00\xda\xbe\xa8\x5c\xc6\x64\xb0\x83\xd7\xa5\x8a\x82\x2b\xc7\x20\x23\x60\x70\xc9\xd1\xed\x13\x2a\xdc\x1f\x41\x84\x2a\x94\x04\x14\x3a\x4b\x4d"..., iov_len=135}], msg_iovlen=4, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1]}, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=0}}, {cmsg_len=44, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1, -1, -1, -1, -1, -1, -1]}, {cmsg_len=36, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1, -1, -1, -1, -1]}, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=0}}, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=-1}}, {cmsg_len=24, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1, -1]}, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1]}], msg_controllen=256, msg_flags=0}, msg_len=65888}, {msg_hdr={msg_name={sa_family=AF_UNSPEC, sa_data="\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, msg_namelen=110, msg_iov=[{iov_base="\xc4\x85\xae\x54\x63\xe7\x37\x39\x21\xae\xdf\x2b\x7f\x3a\xe0\xa8\xca\x79\x44\x40\x55\xff\xcf\x62\x55\x97\x9e\xd1\x3a\xcb\xb8\x0c\x6c\x24\xae\x23\xd9\xcd\x68\xc2\x9e\x71\x17\x9e\x60\x3b\x5a\x77\x17\x41\x4c\x78\xfd\x06\xb7\xe6\xfb\xa1\x40\xd9\x9f\xb9\x03\x39\xaf\xec\xfc\xf7\x02\x26\xb4\xc3\xcb\x27\x9d\xea\xde\x7e\xa2\xfa\xac\x18\x77\x30\xd9\xc7\x1b\x13\xba\xa3\x78\x5a\x90\x2a\x13\xa2\xa6\xea\xf3\x88"..., iov_len=140}, {iov_base="\x8b\x98\xcc\x26\x69\xd0\xa8\x4b\x16\xb1\x84\x85\xe3\xb8\x02\xe1\xa3\x45\xa2\xf3\xc7\x4c\x6e\x26\x8b\x06\xda\xfc\x8d\x20\x93\x77\xa5\xf6\xf4\xf2\x7f\x66\x69\x4c\x92\xd8\x8c\x41\xc6\xc5\x27\x19\xf4\x11\x1a\x47\x89\x84\x7b\x71\x5f\x48\xd7\xbf\xdc\x03\xb4\x34\x9a\x09\x43\xc9\x63\xdb\x4b\xc0\x33\x3e\xdc", iov_len=75}], msg_iovlen=2, msg_control=[{cmsg_len=16581470653610197040, cmsg_level=SOL_IP, cmsg_type=IP_TOS, cmsg_data=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}], msg_controllen=48, msg_flags=MSG_OOB|MSG_DONTWAIT|MSG_BATCH|MSG_ZEROCOPY|0x8000000}, msg_len=215}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x89\x39\x58\xbb\x76\x3d\x38\x09\x1e\x7e\x24\x2e\x6b\x89\x74\x8e\x3a\xe0\xe5\x26\xdb\x91\x29\x07\xf7\x59\xbc\x2d\xa4\x32\x74\x01\xb4\x4b\xb9\xcb\xd9\x42\x0f\xd5\x76\xee\xac\x9c\x46\xc7\xd3\xa2\x1d\x84\xaa\x3b\xbb\x63\xdb\x44\x54\xd3\x63\xcb\x9d\x87\xa0\xa7\x2e\xc4\x66\x25\x17\x1c\xad\xc7\xbe\x01\xcd\xcf\xc4\xbd\x17\xe0\x9d\x0f\xfe\x8e\x3d\x65\x17\x54\x91\x88\x1c\x81\xa2\xef\x82\x57\xbe\xea\x93\x03"..., iov_len=176}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=0}}, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=0}}, {cmsg_len=24, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1, -1]}, {cmsg_len=40, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[-1, -1, -1, -1, -1, -1]}, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=0}}, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=0, uid=0, gid=0}}], msg_controllen=192, msg_flags=0}, msg_len=176}], 5, 0) = 5 [pid 548] futex(0x7f499a2f93fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] futex(0x7f499a2f93f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 546] <... futex resumed>) = 0 [pid 546] futex(0x7f499a2f93f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 548] <... futex resumed>) = 0 [pid 546] <... futex resumed>) = 1 [pid 548] bpf(BPF_PROG_LOAD, NULL, 0 [pid 546] futex(0x7f499a2f93fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 548] futex(0x7f499a2f93fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 546] <... futex resumed>) = 0 [pid 548] futex(0x7f499a2f93f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 546] futex(0x7f499a2f93f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 548] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 546] <... futex resumed>) = 0 [ 376.256938][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 376.263495][ C0] rcu: 0-....: (1 GPs behind) idle=3f6/1/0x4000000000000000 softirq=2599/2600 fqs=4997 last_accelerate: f66c/1d7d dyntick_enabled: 1 [ 376.277022][ C0] (t=10000 jiffies g=2301 q=2180) [ 376.281956][ C0] NMI backtrace for cpu 0 [ 376.286126][ C0] CPU: 0 PID: 547 Comm: syz-executor991 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0 [ 376.296183][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 376.306083][ C0] Call Trace: [ 376.309203][ C0] [ 376.311905][ C0] dump_stack_lvl+0x1e2/0x24b [ 376.316403][ C0] ? panic+0x812/0x812 [ 376.320308][ C0] ? bfq_pos_tree_add_move+0x43b/0x43b [ 376.325604][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 376.330898][ C0] ? vprintk_func+0x19d/0x1e0 [ 376.335412][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 376.340096][ C0] ? printk+0xd1/0x111 [ 376.344004][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 376.349905][ C0] dump_stack+0x15/0x17 [ 376.353899][ C0] nmi_trigger_cpumask_backtrace+0x2b5/0x300 [ 376.359728][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 376.365614][ C0] arch_trigger_cpumask_backtrace+0x10/0x20 [ 376.371344][ C0] rcu_dump_cpu_stacks+0x199/0x2b0 [ 376.376288][ C0] rcu_sched_clock_irq+0xf8a/0x1890 [ 376.381323][ C0] ? rcutree_dead_cpu+0x340/0x340 [ 376.386186][ C0] ? hrtimer_run_queues+0x15f/0x440 [ 376.391219][ C0] update_process_times+0x198/0x200 [ 376.396250][ C0] tick_sched_timer+0x188/0x240 [ 376.400939][ C0] ? tick_setup_sched_timer+0x480/0x480 [ 376.406319][ C0] __hrtimer_run_queues+0x3d7/0xa50 [ 376.411361][ C0] ? hrtimer_interrupt+0x8b0/0x8b0 [ 376.416297][ C0] ? clockevents_program_event+0x214/0x2c0 [ 376.421940][ C0] ? ktime_get_update_offsets_now+0x266/0x280 [ 376.427843][ C0] hrtimer_interrupt+0x39a/0x8b0 [ 376.432617][ C0] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 376.438343][ C0] asm_call_irq_on_stack+0xf/0x20 [ 376.443204][ C0] [ 376.445985][ C0] sysvec_apic_timer_interrupt+0x85/0xe0 [ 376.451451][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 376.457266][ C0] RIP: 0010:__kasan_check_write+0x0/0x20 [ 376.462744][ C0] Code: ec fd 03 03 31 db eb d3 cc cc 55 48 89 e5 89 f6 48 8b 4d 08 31 d2 e8 ef ed ff ff 5d c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <55> 48 89 e5 89 f6 48 8b 4d 08 ba 01 00 00 00 e8 cc ed ff ff 5d c3 [ 376.482172][ C0] RSP: 0018:ffffc90000b56858 EFLAGS: 00000286 [ 376.488075][ C0] RAX: 00000000000003e8 RBX: 0000000000000004 RCX: 0000000000b56803 [ 376.495884][ C0] RDX: ffff88810a8293c0 RSI: 0000000000000004 RDI: ffff88810aa5e880 [ 376.503698][ C0] RBP: ffffc90000b56950 R08: ffffffff84990b8f R09: 0000000000000003 [ 376.511520][ C0] R10: fffff5200016ad1c R11: dffffc0000000001 R12: fffffffffffffc18 [ 376.519324][ C0] R13: ffff88810aa5e800 R14: ffff88810aa5e880 R15: 000000000000035c [ 376.527142][ C0] ? tipc_sk_lookup+0x31f/0x650 [ 376.531936][ C0] ? tipc_sk_lookup+0x4df/0x650 [ 376.536623][ C0] ? preempt_count_add+0x34/0x1a0 [ 376.541478][ C0] ? tipc_sk_rcv+0x1e30/0x1e30 [ 376.546165][ C0] tipc_sk_rcv+0x499/0x1e30 [ 376.550506][ C0] ? __stack_depot_save+0x468/0x4d0 [ 376.555539][ C0] ? kasan_set_track+0x5d/0x70 [ 376.560135][ C0] ? kasan_set_track+0x4b/0x70 [ 376.564735][ C0] ? kasan_set_free_info+0x23/0x40 [ 376.569682][ C0] ? __kasan_slab_free+0x11/0x20 [ 376.574459][ C0] ? slab_free_freelist_hook+0xc0/0x190 [ 376.579840][ C0] ? kmem_cache_free+0xa9/0x1e0 [ 376.584526][ C0] ? kfree_skbmem+0x104/0x170 [ 376.589037][ C0] ? tipc_sk_rcv+0x1b52/0x1e30 [ 376.593640][ C0] ? tipc_node_xmit+0x34b/0xe30 [ 376.598326][ C0] ? tipc_sk_filter_rcv+0x1da8/0x3e00 [ 376.603532][ C0] ? tipc_sk_rcv+0x8a1/0x1e30 [ 376.608047][ C0] ? tipc_node_distr_xmit+0x36a/0x4d0 [ 376.613251][ C0] ? tipc_sk_backlog_rcv+0x18b/0x210 [ 376.618375][ C0] ? __fput+0x33d/0x7b0 [ 376.622364][ C0] ? ____fput+0x15/0x20 [ 376.626357][ C0] ? __skb_queue_purge+0x180/0x180 [ 376.631308][ C0] ? debug_smp_processor_id+0x17/0x20 [ 376.636513][ C0] tipc_node_xmit+0x34b/0xe30 [ 376.641026][ C0] ? __kasan_slab_free+0x11/0x20 [ 376.645800][ C0] ? tipc_node_get_linkname+0x190/0x190 [ 376.651180][ C0] ? kmem_cache_free+0xa9/0x1e0 [ 376.655868][ C0] ? kfree_skbmem+0x104/0x170 [ 376.660386][ C0] tipc_node_xmit_skb+0x153/0x1b0 [ 376.665243][ C0] ? __skb_queue_purge+0x180/0x180 [ 376.670189][ C0] ? trace_tipc_sk_rej_msg+0x2b/0x6f0 [ 376.675398][ C0] tipc_sk_rcv+0x1c0b/0x1e30 [ 376.679828][ C0] ? __skb_queue_purge+0x180/0x180 [ 376.684770][ C0] tipc_node_xmit+0x34b/0xe30 [ 376.689283][ C0] ? stack_trace_save+0x1c0/0x1c0 [ 376.694144][ C0] ? __kernel_text_address+0x9b/0x110 [ 376.699349][ C0] ? tipc_node_get_linkname+0x190/0x190 [ 376.704730][ C0] ? __kasan_check_write+0x14/0x20 [ 376.709681][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 376.714973][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 376.719668][ C0] tipc_sk_filter_rcv+0x1da8/0x3e00 [ 376.724699][ C0] ? tipc_sk_dump+0xf50/0xf50 [ 376.729204][ C0] ? __kasan_check_write+0x14/0x20 [ 376.734152][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 376.739013][ C0] ? kmem_cache_free+0xa9/0x1e0 [ 376.743699][ C0] tipc_sk_rcv+0x8a1/0x1e30 [ 376.748041][ C0] ? __skb_queue_purge+0x180/0x180 [ 376.752985][ C0] ? tipc_sk_filter_rcv+0x3583/0x3e00 [ 376.758197][ C0] tipc_node_xmit+0x34b/0xe30 [ 376.762709][ C0] ? tipc_node_get_linkname+0x190/0x190 [ 376.768096][ C0] tipc_node_distr_xmit+0x36a/0x4d0 [ 376.773122][ C0] ? tipc_node_xmit_skb+0x1b0/0x1b0 [ 376.778155][ C0] ? __kasan_check_write+0x14/0x20 [ 376.783103][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 376.788398][ C0] ? __tipc_shutdown+0xe7c/0x1510 [ 376.793258][ C0] tipc_sk_backlog_rcv+0x18b/0x210 [ 376.798204][ C0] ? tipc_sk_timeout+0xab0/0xab0 [ 376.802980][ C0] __release_sock+0x148/0x410 [ 376.807492][ C0] release_sock+0x65/0x1b0 [ 376.811742][ C0] tipc_release+0xb6b/0x1440 [ 376.816177][ C0] sock_close+0xdf/0x270 [ 376.820248][ C0] ? sock_mmap+0xa0/0xa0 [ 376.824327][ C0] __fput+0x33d/0x7b0 [ 376.828148][ C0] ____fput+0x15/0x20 [ 376.831968][ C0] task_work_run+0x129/0x190 [ 376.836400][ C0] ptrace_notify+0x29e/0x350 [ 376.840820][ C0] ? do_notify_parent+0xa10/0xa10 [ 376.845688][ C0] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 376.851582][ C0] ? irqentry_exit_to_user_mode+0x41/0x80 [ 376.857137][ C0] syscall_exit_to_user_mode+0xf5/0x1a0 [ 376.862515][ C0] do_syscall_64+0x40/0x70 [ 376.866770][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 376.872501][ C0] RIP: 0033:0x7f499a26d9c9 [ 376.876755][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 376.896192][ C0] RSP: 002b:00007f499a22a168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 376.904435][ C0] RAX: 00000000000203a0 RBX: 00007f499a2f93e8 RCX: 00007f499a26d9c9 [ 376.912246][ C0] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 [ 376.920056][ C0] RBP: 00007f499a2f93e0 R08: 00007f499a22a6c0 R09: 0000000000000000 [ 376.927870][ C0] R10: 00007f499a22a6c0 R11: 0000000000000246 R12: 00007f499a2f93ec [ 376.935769][ C0] R13: 0000000000000016 R14: 00007ffdf415a5b0 R15: 00007ffdf415a698 [ 489.100748][ T24] audit: type=1400 audit(1724924589.529:71): avc: denied { remove_name } for pid=75 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 489.122897][ T24] audit: type=1400 audit(1724924589.529:72): avc: denied { rename } for pid=75 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 528.906605][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [syz-executor991:547] [ 528.915004][ C0] Modules linked in: [ 528.918737][ C0] CPU: 0 PID: 547 Comm: syz-executor991 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0 [ 528.929061][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 528.938964][ C0] RIP: 0010:kasan_check_range+0x1c3/0x2a0 [ 528.944520][ C0] Code: 07 4d 85 ed 49 0f 49 dd 48 83 e3 f8 49 29 dd 74 12 41 80 39 00 0f 85 a6 00 00 00 49 ff c1 49 ff cd 75 ee 5b 41 5c 41 5d 41 5e <41> 5f 5d c3 45 84 f6 75 61 41 f7 c6 00 ff 00 00 75 5d 41 f7 c6 00 [ 528.964475][ C0] RSP: 0018:ffffc90000b56898 EFLAGS: 00000297 [ 528.970373][ C0] RAX: 0000000000000001 RBX: 1ffff9200016ad18 RCX: ffffffff84b237f4 [ 528.978185][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000b568e0 [ 528.985996][ C0] RBP: ffffc90000b568a0 R08: dffffc0000000000 R09: 0000000000000003 [ 528.993804][ C0] R10: fffff5200016ad1c R11: dffffc0000000001 R12: dffffc0000000000 [ 529.001620][ C0] R13: ffffc90000b56db4 R14: 1ffff9200016ad1c R15: ffffc90000b568e0 [ 529.009430][ C0] FS: 00007f499a22a6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 529.018197][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 529.024621][ C0] CR2: 00007ffdf41f57c0 CR3: 000000011c855000 CR4: 00000000003506b0 [ 529.032431][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 529.040241][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 529.048048][ C0] Call Trace: [ 529.051174][ C0] [ 529.053872][ C0] ? show_regs+0x58/0x60 [ 529.057949][ C0] ? watchdog_timer_fn+0x471/0x590 [ 529.062893][ C0] ? proc_watchdog_cpumask+0xd0/0xd0 [ 529.068017][ C0] ? __hrtimer_run_queues+0x3d7/0xa50 [ 529.073224][ C0] ? hrtimer_interrupt+0x8b0/0x8b0 [ 529.078173][ C0] ? clockevents_program_event+0x214/0x2c0 [ 529.083810][ C0] ? ktime_get_update_offsets_now+0x266/0x280 [ 529.089711][ C0] ? hrtimer_interrupt+0x39a/0x8b0 [ 529.094679][ C0] ? __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 529.100576][ C0] ? asm_call_irq_on_stack+0xf/0x20 [ 529.105596][ C0] [ 529.108373][ C0] ? sysvec_apic_timer_interrupt+0x85/0xe0 [ 529.114015][ C0] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 529.120032][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 529.124866][ C0] ? kasan_check_range+0x1c3/0x2a0 [ 529.129811][ C0] __kasan_check_write+0x14/0x20 [ 529.134583][ C0] _raw_spin_lock_bh+0xa4/0x1b0 [ 529.139272][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 529.144307][ C0] ? tipc_sk_rcv+0x1795/0x1e30 [ 529.148904][ C0] tipc_sk_rcv+0x2d6/0x1e30 [ 529.153330][ C0] ? __stack_depot_save+0x468/0x4d0 [ 529.158377][ C0] ? kasan_set_track+0x5d/0x70 [ 529.162973][ C0] ? kasan_set_track+0x4b/0x70 [ 529.167573][ C0] ? kasan_set_free_info+0x23/0x40 [ 529.172599][ C0] ? __kasan_slab_free+0x11/0x20 [ 529.177372][ C0] ? slab_free_freelist_hook+0xc0/0x190 [ 529.182758][ C0] ? kmem_cache_free+0xa9/0x1e0 [ 529.187442][ C0] ? kfree_skbmem+0x104/0x170 [ 529.191967][ C0] ? tipc_sk_rcv+0x1b52/0x1e30 [ 529.196552][ C0] ? tipc_node_xmit+0x34b/0xe30 [ 529.201240][ C0] ? tipc_sk_filter_rcv+0x1da8/0x3e00 [ 529.206447][ C0] ? tipc_sk_rcv+0x8a1/0x1e30 [ 529.210963][ C0] ? tipc_node_distr_xmit+0x36a/0x4d0 [ 529.216168][ C0] ? tipc_sk_backlog_rcv+0x18b/0x210 [ 529.221291][ C0] ? __fput+0x33d/0x7b0 [ 529.225281][ C0] ? ____fput+0x15/0x20 [ 529.229274][ C0] ? __skb_queue_purge+0x180/0x180 [ 529.234224][ C0] ? debug_smp_processor_id+0x17/0x20 [ 529.239429][ C0] tipc_node_xmit+0x34b/0xe30 [ 529.243945][ C0] ? __kasan_slab_free+0x11/0x20 [ 529.248715][ C0] ? tipc_node_get_linkname+0x190/0x190 [ 529.254097][ C0] ? kmem_cache_free+0xa9/0x1e0 [ 529.258783][ C0] ? kfree_skbmem+0x104/0x170 [ 529.263297][ C0] tipc_node_xmit_skb+0x153/0x1b0 [ 529.268159][ C0] ? __skb_queue_purge+0x180/0x180 [ 529.273104][ C0] ? trace_tipc_sk_rej_msg+0x2b/0x6f0 [ 529.278311][ C0] tipc_sk_rcv+0x1c0b/0x1e30 [ 529.282825][ C0] ? __skb_queue_purge+0x180/0x180 [ 529.287796][ C0] tipc_node_xmit+0x34b/0xe30 [ 529.292291][ C0] ? stack_trace_save+0x1c0/0x1c0 [ 529.297152][ C0] ? __kernel_text_address+0x9b/0x110 [ 529.302445][ C0] ? tipc_node_get_linkname+0x190/0x190 [ 529.307837][ C0] ? __kasan_check_write+0x14/0x20 [ 529.312770][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 529.318072][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 529.322750][ C0] tipc_sk_filter_rcv+0x1da8/0x3e00 [ 529.327792][ C0] ? tipc_sk_dump+0xf50/0xf50 [ 529.332298][ C0] ? __kasan_check_write+0x14/0x20 [ 529.337248][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 529.342104][ C0] ? kmem_cache_free+0xa9/0x1e0 [ 529.346792][ C0] tipc_sk_rcv+0x8a1/0x1e30 [ 529.351136][ C0] ? __skb_queue_purge+0x180/0x180 [ 529.356164][ C0] ? tipc_sk_filter_rcv+0x3583/0x3e00 [ 529.361372][ C0] tipc_node_xmit+0x34b/0xe30 [ 529.365886][ C0] ? tipc_node_get_linkname+0x190/0x190 [ 529.371267][ C0] tipc_node_distr_xmit+0x36a/0x4d0 [ 529.376302][ C0] ? tipc_node_xmit_skb+0x1b0/0x1b0 [ 529.381337][ C0] ? __kasan_check_write+0x14/0x20 [ 529.386280][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 529.391583][ C0] ? __tipc_shutdown+0xe7c/0x1510 [ 529.396433][ C0] tipc_sk_backlog_rcv+0x18b/0x210 [ 529.401389][ C0] ? tipc_sk_timeout+0xab0/0xab0 [ 529.406161][ C0] __release_sock+0x148/0x410 [ 529.410681][ C0] release_sock+0x65/0x1b0 [ 529.415010][ C0] tipc_release+0xb6b/0x1440 [ 529.419435][ C0] sock_close+0xdf/0x270 [ 529.423516][ C0] ? sock_mmap+0xa0/0xa0 [ 529.427593][ C0] __fput+0x33d/0x7b0 [ 529.431411][ C0] ____fput+0x15/0x20 [ 529.435241][ C0] task_work_run+0x129/0x190 [ 529.439659][ C0] ptrace_notify+0x29e/0x350 [ 529.444087][ C0] ? do_notify_parent+0xa10/0xa10 [ 529.448950][ C0] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 529.454932][ C0] ? irqentry_exit_to_user_mode+0x41/0x80 [ 529.460486][ C0] syscall_exit_to_user_mode+0xf5/0x1a0 [ 529.465870][ C0] do_syscall_64+0x40/0x70 [ 529.470124][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 529.475854][ C0] RIP: 0033:0x7f499a26d9c9 [ 529.480121][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 529.499539][ C0] RSP: 002b:00007f499a22a168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 529.507786][ C0] RAX: 00000000000203a0 RBX: 00007f499a2f93e8 RCX: 00007f499a26d9c9 [ 529.515596][ C0] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 [ 529.523408][ C0] RBP: 00007f499a2f93e0 R08: 00007f499a22a6c0 R09: 0000000000000000 [ 529.531222][ C0] R10: 00007f499a22a6c0 R11: 0000000000000246 R12: 00007f499a2f93ec [ 529.539034][ C0] R13: 0000000000000016 R14: 00007ffdf415a5b0 R15: 00007ffdf415a698 [ 529.546854][ C0] Sending NMI from CPU 0 to CPUs 1: [ 529.552401][ C1] NMI backtrace for cpu 1 [ 529.552408][ C1] CPU: 1 PID: 9 Comm: kworker/u4:1 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0 [ 529.552413][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 529.552417][ C1] Workqueue: events_unbound toggle_allocation_gate [ 529.552423][ C1] RIP: 0010:smp_call_function_single+0x27d/0x510 [ 529.552432][ C1] Code: 00 44 8b 6c 24 48 44 89 ee 83 e6 01 31 ff e8 2a f1 0a 00 41 83 e5 01 75 0a e8 6f ed 0a 00 e9 eb 00 00 00 f3 90 42 0f b6 04 23 <84> c0 75 15 f7 44 24 48 01 00 00 00 0f 84 cd 00 00 00 e8 4c ed 0a [ 529.552436][ C1] RSP: 0018:ffffc90000097720 EFLAGS: 00000293 [ 529.552442][ C1] RAX: 0000000000000000 RBX: 1ffff92000012eed RCX: ffff8881002562c0 [ 529.552446][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 529.552451][ C1] RBP: ffffc90000097810 R08: ffffffff815fbb86 R09: ffffed103ee0aec9 [ 529.552455][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 529.552459][ C1] R13: 0000000000000001 R14: ffffc90000097768 R15: 0000000000000000 [ 529.552463][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 529.552467][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 529.552471][ C1] CR2: 00005555567c0430 CR3: 000000000660f000 CR4: 00000000003506a0 [ 529.552475][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 529.552480][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 529.552482][ C1] Call Trace: [ 529.552484][ C1] [ 529.552487][ C1] ? show_regs+0x58/0x60 [ 529.552490][ C1] ? nmi_cpu_backtrace+0x133/0x160 [ 529.552493][ C1] ? smp_call_function_single+0x27d/0x510 [ 529.552496][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 529.552499][ C1] ? nmi_handle+0xa8/0x280 [ 529.552503][ C1] ? smp_call_function_single+0x27d/0x510 [ 529.552505][ C1] ? default_do_nmi+0x69/0x160 [ 529.552508][ C1] ? exc_nmi+0xad/0x100 [ 529.552511][ C1] ? end_repeat_nmi+0x16/0x31 [ 529.552514][ C1] ? smp_call_function_single+0x266/0x510 [ 529.552518][ C1] ? smp_call_function_single+0x27d/0x510 [ 529.552521][ C1] ? smp_call_function_single+0x27d/0x510 [ 529.552524][ C1] ? smp_call_function_single+0x27d/0x510 [ 529.552526][ C1] [ 529.552529][ C1] ? text_poke_sync+0x20/0x20 [ 529.552533][ C1] ? flush_smp_call_function_from_idle+0x1b0/0x1b0 [ 529.552536][ C1] ? cpumask_any_but+0x18/0xb0 [ 529.552539][ C1] ? text_poke_sync+0x20/0x20 [ 529.552542][ C1] ? cpumask_any_but+0xa3/0xb0 [ 529.552545][ C1] smp_call_function_many_cond+0x94e/0xa30 [ 529.552548][ C1] ? __kmalloc_track_caller+0xe8/0x320 [ 529.552551][ C1] ? text_poke_sync+0x20/0x20 [ 529.552554][ C1] ? smp_call_function_many+0x40/0x40 [ 529.552557][ C1] ? text_poke+0x20/0x20 [ 529.552560][ C1] ? text_poke_sync+0x20/0x20 [ 529.552563][ C1] on_each_cpu+0xa8/0x1a0 [ 529.552566][ C1] ? smp_call_function+0x90/0x90 [ 529.552569][ C1] ? text_poke_loc_init+0x2e1/0x580 [ 529.552572][ C1] ? text_poke_finish+0x30/0x30 [ 529.552575][ C1] text_poke_bp_batch+0x1d4/0x600 [ 529.552578][ C1] ? __kasan_check_write+0x14/0x20 [ 529.552581][ C1] ? text_poke_loc_init+0x580/0x580 [ 529.552584][ C1] ? __kasan_check_write+0x14/0x20 [ 529.552587][ C1] ? mutex_lock+0xa5/0x110 [ 529.552589][ C1] ? mutex_trylock+0xa0/0xa0 [ 529.552593][ C1] ? __kmalloc_track_caller+0xe8/0x320 [ 529.552596][ C1] ? __kasan_check_write+0x14/0x20 [ 529.552598][ C1] ? mutex_unlock+0x1c/0x40 [ 529.552601][ C1] text_poke_finish+0x1a/0x30 [ 529.552605][ C1] arch_jump_label_transform_apply+0x15/0x30 [ 529.552608][ C1] __jump_label_update+0x36a/0x380 [ 529.552611][ C1] jump_label_update+0x379/0x400 [ 529.552614][ C1] static_key_disable_cpuslocked+0xcd/0x1b0 [ 529.552617][ C1] static_key_disable+0x1a/0x30 [ 529.552620][ C1] toggle_allocation_gate+0x3b4/0x450 [ 529.552623][ C1] ? kfence_protect+0x270/0x270 [ 529.552627][ C1] ? finish_task_switch+0x130/0x5a0 [ 529.552629][ C1] ? io_schedule+0x120/0x120 [ 529.552633][ C1] ? __kasan_check_read+0x11/0x20 [ 529.552636][ C1] ? read_word_at_a_time+0x12/0x20 [ 529.552638][ C1] ? strscpy+0x9c/0x260 [ 529.552641][ C1] process_one_work+0x6dc/0xbd0 [ 529.552644][ C1] worker_thread+0xaea/0x1510 [ 529.552647][ C1] kthread+0x34b/0x3d0 [ 529.552650][ C1] ? worker_clr_flags+0x180/0x180 [ 529.552653][ C1] ? kthread_blkcg+0xd0/0xd0 [ 529.552656][ C1] ret_from_fork+0x1f/0x30